Numerous Philanthropic Misanthropes

    npm

    Sign UpSign In

    cors
    DefinitelyTyped icon, indicating that this package has TypeScript declarations provided by the separate @types/cors package

    0.0.2 • Public • Published

    cors

    CORS is a node.js package for providing a connect/express middleware that can be used to enable CORS with various options.

    build status

    Installation

    $ npm install cors

    Usage

    Simple Usage (Enable All CORS Requests)

    var express = require('express')
  , cors = require('cors')
  , app = express();

app.get('/products/:id', cors(), function(req, res, next){
  res.json({msg: 'This is CORS-enabled for all origins!'});
});

app.listen(80, function(){
  console.log('CORS-enabled web server listening on port 80');
});

    Configuring CORS

    var express = require('express')
  , cors = require('cors')
  , app = express();

var corsOptions = {
  origin: 'http://example.com'
};

app.get('/products/:id', cors(corsOptions), function(req, res, next){
  res.json({msg: 'This is CORS-enabled for only example.com.'});
});

app.listen(80, function(){
  console.log('CORS-enabled web server listening on port 80');
});

    Configuring CORS Asynchronously

    var express = require('express')
  , cors = require('cors')
  , app = express();

var whitelist = ['http://example1.com', 'http://example2.com'];
var corsOptionsDelegate = function(req, callback){
  var corsOptions;
  if(whitelist.indexOf(req.header('Origin')) !== -1){
    corsOptions = { origin: true }; // reflect (enable) the requested origin in the CORS response
  }else{
    corsOptions = { origin: false }; // disable CORS for this request
  }
  callback(null, corsOptions); // callback expects two parameters: error and options
};

app.get('/products/:id', cors(corsOptionsDelegate), function(req, res, next){
  res.json({msg: 'This is CORS-enabled for a whitelisted domain.'});
});

app.listen(80, function(){
  console.log('CORS-enabled web server listening on port 80');
});

    Options

    For details on the effect of each CORS header, read this article on HTML5 Rocks.

    • options.origin: Configures the Access-Control-Allow-Origin CORS header. Expects a string (ex: "http://example.com"). Set to true to reflect the request origin, as defined by req.header('Origin'). Set to false to disable CORS.
    • options.methods: Configures the Access-Control-Allow-Methods CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: ['GET', 'PUT', 'POST']).
    • options.headers: Configures the Access-Control-Allow-Headers CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: ['Content-Type', 'Authorization]). If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header.
    • options.credentials: Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted.
    • options.maxAge: Configures the Access-Control-Allow-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.
    • options.enablePreflight: By default, a request that runs through this middleware with a method of OPTIONS will short-circuit with a 204 response to the client after the CORS headers have been written. Set this option to false to disable this feature.

    License

    MIT License

    Author

    Troy Goode (troygoode@gmail.com)

    Keywords

    Install

    npm i cors@0.0.2

    Repository

    Gitgithub.com/expressjs/cors

    Homepage

    github.com/expressjs/cors#readme

    Version

    0.0.2

    License

    MIT

    Last publish

    Collaborators

    • dougwilson
    • troygoode
    Try on RunKit
    Report malware